If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

Theres also xhydra if you dont like the CLI helps with trial and error type of attacks

Isnt xhydra xhydra Bruteforcing? This isnt about that. This is about sniffing traffic and watching it being pass over the network. Not us doing trial and errorpassword guessing.

Originally Posted by sql-inj

I cant see the reason for using both ettercap AND arp-spoof. You can do the arp-poisoning using ettercap, no need for arp-soof.

(If I am mistaken, please do correct me)

I had problems when using JUST ettercap. I dunno why that was right now tho

Originally Posted by ethicalhacker

That was the great posting.

I have doubt

I dont find wlan0 in my lan.

Can i interchange, it will eth0

will it work???

wlan0 = Wireless
eth0 = Ethernet (wired).
I was doing it over my wireless network. If you dont have a wireless network - you can also do it over wired, just replace wlan0 with your interface! (e.g. eth0 or eth1)

Thanks for the tut, I've tryed it and all work correctly.
I've just a question.. how can I "arpspoofing" the the entire lan? can I use something like this?

Code:

arpspoof -i wlan0 -t 192.168.*.* 192.168.1.1

khianhui has this covered.

Originally Posted by khianhui

you should find it out which is the broadcast address of your network. For example 192.168.1.255 instead of 192.168.1.*.

Originally Posted by Av4t4r

Hi all. I've a question. Why do you use "-k" when you launch sslstrip? what's the difference if you don't use it? (I'm about to try that)

Thank you

Av4t4r.

P.S: my first post

sslstrip 0.6 by Moxie Marlinspike
Usage: sslstrip <options>
Options:
-w <filename>, --write=<filename> Specify file to log to (optional).
-p , --post Log only SSL POSTs. (default)
-s , --ssl Log all SSL traffic to and from server.
-a , --all Log all SSL and HTTP traffic to and from server.
-l <port>, --listen=<port> Port to listen on (default 10000).
-f , --favicon Substitute a lock favicon on secure requests.-k , --killsessions Kill sessions in progress.
-h Print this help message.
What this does (If I remember rightly), any current connect sessions, are killed once this is run. For example. if they where logged into gmail, they would have to re log in again. I also recommend trying trying "-f". See what that does

Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

Hello. I don't understand some sitiations.

Why are you using --destination port 80 if https work on port 443?.
On my case, change the value in ip_forward is not working; I just can use the forwarding capabilities when use fragrouter but the sniffer don't work, no one decripted data I can get.

Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

you are perfect m8! and i have a question

we use cyberoam to enter the internet @ my school. When you connect to school wireless, its redirect you http://192.168.150.1:8090/httpclient.html and you have to enter your username and password to use internet connection..

1. should i enter my pass and user name to sniff? Or being connected to wireless enough?
2. when i use ifconfig it says Bcast:192.168.62.255 do i use this instead of 192.168.1.1?

Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

Originally Posted by nicksiz

we use cyberoam to enter the internet @ my school

As tempting as it may be to try arpspoofing your school network, You should first realize that its illegal to do without explicit consent from your school (Which i doubt they will give) and that we don't support or condone this kind of activity in these forums. Besides which this will totally kill all the network traffic(because all the traffic is being routed through the attackers pc, downside of arpspoofing) and your system admins will likely notice if they know what they are doing. Its not worth it. Take care mate.

However if anybody else is confused about this:

Originally Posted by nicksiz

when i use ifconfig it says Bcast:192.168.62.255 do i use this instead of 192.168.1.1?

Yes this is the case. If you have a different broadcast address, use it. The addresses given by g0tmi1k are only example addresses, which apply to the network he was using. Addresses will likely be different for your own network. Hope that helps.